• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Additional FTP account shutting right down after opening (via FTP client)

M

muckaveli

New Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
18.05.54
My Goal

I want to create multiple working FTP accounts.

What works

Domains > Domain > FTP > Add an FTP Account

I can create a very first user that I have no trouble successfully connecting via FTP client (FileZilla) with the Settings:
  • Protocol: SFTP - SSH File Transfer Protocol
  • Server: my server
  • Port: 22
  • User
  • Pass
The problem

Every additional user after that will connect very briefly and then get kicked out, like this log states:

Code: 
Status:    Connecting to IP...
Response:    fzSftp started, protocol_version=11
Command:    open "user@IP" 22
Status:    Using username "username".
Command:    Pass: *********
Status:    Connected to IP
Error: Failed to connect to server

Maybe Interesting
In FTP Accounts of domain , if I hover over the first username, the URL behind it is
Code: 
https://ip/smb/web/edit
, but every additional user has
Code: 
https://ip/smb/ftp/edit-user/id/4

Do you have any advice on what's going on here?
 
Additional FTP user accounts are only FTP user accounts, not SSH accounts. But you are trying to connect using SFTP to an account that only supports FTP or FTPS. SFTP (on port 22) connects using SSH, then puts the FTP protocol on top. This cannot work. You need to connect using FTP (port 21). Please enter the Port 21 instead of 22 in your FTP client's configuration.
 
Peter Debik said:
Additional FTP user accounts are only FTP user accounts, not SSH accounts. But you are trying to connect using SFTP to an account that only supports FTP or FTPS. SFTP (on port 22) connects using SSH, then puts the FTP protocol on top. This cannot work. You need to connect using FTP (port 21). Please enter the Port 21 instead of 22 in your FTP client's configuration.
Click to expand...

Thank you for your explanation.

Using FTP via port 21 results in "Connection timed out after 20 seconds of inactivity" followed by "Failed to connect to server". I tried active, passive and standard.

According to my firewall settings, port 21 is open.

Any recommendations how to continue from here on out? Thank you
 
Some datacenters have a firewall in front of the server. It is thinkable that port 21 is closed there and needs to be opened.
 
muckaveli said:
Thank you for your explanation.

Using FTP via port 21 results in "Connection timed out after 20 seconds of inactivity" followed by "Failed to connect to server". I tried active, passive and standard.

According to my firewall settings, port 21 is open.

Any recommendations how to continue from here on out? Thank you
Click to expand...
@muckaveli

It might be the case that you have one of the FileZilla versions that contains a bug.

Please update to the latest version or - even better - please install FileZilla PRO ...... the paid-for version of FileZilla is less buggy.


If you have the latest FileZilla version, then connection should not be an issue, if and only if you are using the right FTP credentials AND if you are using the correct server settings.


Nevertheless, it is very likely that there is a firewall related issue!

Even if port 21 is open, then a FTP connection might be blocked via the firewall if the passive ports are not allowed to accept connections.

For that reason, you should add the 49152-65535 port range to the firewall and add the IPs that are allowed to connect via FTP.

I am pretty sure that this additional firewall could solve your issue.


Kind regards....

PS Always use the "Passive FTP" settings, for many reasons!
 
Peter Debik said:
Some datacenters have a firewall in front of the server. It is thinkable that port 21 is closed there and needs to be opened.
Click to expand...
We are customers of IONOS and their tech support said something along the lines of "port 21 is open but there seems to be no service installed behind it". Do you have any idea what that could mean practically?
 
trialotto said:
@muckaveli

It might be the case that you have one of the FileZilla versions that contains a bug.

Please update to the latest version or - even better - please install FileZilla PRO ...... the paid-for version of FileZilla is less buggy.


If you have the latest FileZilla version, then connection should not be an issue, if and only if you are using the right FTP credentials AND if you are using the correct server settings.


Nevertheless, it is very likely that there is a firewall related issue!

Even if port 21 is open, then a FTP connection might be blocked via the firewall if the passive ports are not allowed to accept connections.

For that reason, you should add the 49152-65535 port range to the firewall and add the IPs that are allowed to connect via FTP.

I am pretty sure that this additional firewall could solve your issue.


Kind regards....

PS Always use the "Passive FTP" settings, for many reasons!
Click to expand...
Thank you for your detailed answer.

I am currently running FileZilla v. 3.65.0, which should be the latest. I always keep it up to date and never had issues with any other FTP connection thus far.
The connection has been set to "passive" already (and still is) but unchecking it doesn't change anything either.

The firewall I use is the extension "Firewall" (v. 2.1.5.-412) opening it via Home > Extensions > Firewall gives a lot of options like "FTP server passive ports" and "FTP server" both are set to "Allow incoming from all". I added "Allow incoming from all on port 49152-65535/tcp" but it doesn't change anything.

Do you have any other recommendations? I am very lost at this point.
 
muckaveli said:
So no Plesk user is EVER allowed to use more than one SFTP account? I can't believe there is no solution to this.
Click to expand...
You can do it but is not supported (the customization). I had a Plesk server on Media Temple with multiple SFTP accounts however I didn't implement this.
 
muckaveli said:
If I remember correctly they won't help me since my license is not directly purchased from them but via my server-host. My server-host says "this is a root server, so we can't assist you with that". Nobody feels responsible really, that's why I had to come to this forum and bother you guys ;)
Click to expand...
Wish you the best luck, you can vote for this feature here Enable chrooted sftp for more than one user per account
 
muckaveli said:
So no Plesk user is EVER allowed to use more than one SFTP account? I can't believe there is no solution to this.
Click to expand...
If you would like to have that feature, please vote for it here:
plesk.uservoice.com

Enable chrooted sftp for more than one user per account

If I use FTP, I can make as many users as I want. For various reasons, using FTP is not optimal at my workplace. I'd like to be able to let each ftp user I create log in with chrooted sftp. I'm able to modify /etc/passwd and /var/www/vhosts/example.org/etc/passwd to make it work, but doing that...
plesk.uservoice.com
 
muckaveli said:
If I remember correctly they won't help me since my license is not directly purchased from them but via my server-host. My server-host says "this is a root server, so we can't assist you with that". Nobody feels responsible really, that's why I had to come to this forum and bother you guys ;)
Click to expand...
When you bought your license from a reseller, it is cheaper than buying it from Plesk directly, but your reseller is responsible to deliver support. If your reseller does not abide by these terms and does not fulfill that obligation, you can still get support from Plesk directly. Please see this article, how it works:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-
 
@muckaveli

Please note that I am a bit lost here, since I see SFTP and FTP(S) mixed in most posts.

What do you exactly want to do? SFTP? or FTPS?

That seems to be a "question after the solution", but it is a relevant question.

In essence, SFTP and FTPS are totally different and both have their advantages and disadvantages.

It is not about "Enable chrooted SFTP for multiple accounts" - which implies a bigger security risk : the attack surface increases.

It is all about performance in daily usage.

In essence, SFTP seems to be more secure, but one can safely doubt this "advantage" in the modern age.

Both FTPS and SFTP use some kind of encryption, but the true advantage of FTPS over SFTP is that FTPS can use multiple connections, as opposed to SFTP (that uses one connection and creates a big overhead, which reduces performance considerably).

This is only a (very) brief summary, but it should give you sufficient "food for thought" - whenever possible, I would opt for FTPS.

In addition, it has to be duly noted that any SFTP client provided with Plesk can be deemed to be "unstable" (and insecure) at this moment.

Again, it is not clear to me what we are talking about ...... FTPS or SFTP.

But answer the question yourself by using FileZilla to the full extent and transfer 20 individual test files of 1 GB to your remote server : once with SFTP and once with FTPS ........ and you will probably conclude that it is just as easy to use FTPS.

It is just a consideration.

Kind regards....
 
trialotto said:
@muckaveli

Please note that I am a bit lost here, since I see SFTP and FTP(S) mixed in most posts.

What do you exactly want to do? SFTP? or FTPS?

That seems to be a "question after the solution", but it is a relevant question.

In essence, SFTP and FTPS are totally different and both have their advantages and disadvantages.

It is not about "Enable chrooted SFTP for multiple accounts" - which implies a bigger security risk : the attack surface increases.

It is all about performance in daily usage.

In essence, SFTP seems to be more secure, but one can safely doubt this "advantage" in the modern age.

Both FTPS and SFTP use some kind of encryption, but the true advantage of FTPS over SFTP is that FTPS can use multiple connections, as opposed to SFTP (that uses one connection and creates a big overhead, which reduces performance considerably).

This is only a (very) brief summary, but it should give you sufficient "food for thought" - whenever possible, I would opt for FTPS.

In addition, it has to be duly noted that any SFTP client provided with Plesk can be deemed to be "unstable" (and insecure) at this moment.

Again, it is not clear to me what we are talking about ...... FTPS or SFTP.

But answer the question yourself by using FileZilla to the full extent and transfer 20 individual test files of 1 GB to your remote server : once with SFTP and once with FTPS ........ and you will probably conclude that it is just as easy to use FTPS.

It is just a consideration.

Kind regards....
Click to expand...
What I am trying to archive is setting up whatever working access for a third party developer to help me maintain my website. At this point, I really don't care if it's SFTP or FTP (yes, I am aware it's outdated) as long as it works. I just need to grant somebody a QUICK and RESTRICTED (as in not being able to view the root directory but being locked to a staging version of my project) access to the files on my server, that's it. Trying to make that happen is starting to become a bigger issue than the one I needed the developer to solve for me in the first place :(

Do you see any way I could get this done?
 
You must log in or register to reply here.

Similar threads

D
Resolved Impossible to make a FTP connection
Replies
9
Views
3K
scsa20
scsa20
Endre
Issue Unable to access the remote backup storage using SFTP
Replies
6
Views
1K
Endre
Endre
J
Issue Additional FTP accounts fatal error over SFTP: Received unexpected end-of-file from SFTP server
Replies
10
Views
5K
learning_curve
learning_curve
burnley
Forwarded to devs It is possible to create mail box without triggering 'Create Mailname' event handler
Replies
4
Views
1K
Peter Debik
P
N
Issue unable to connect to ftp/ftps but can connect to sftp & no chroot
Replies
18
Views
8K
learning_curve
learning_curve
Back
Top